Ransomware is a scourge, being on of the most widespread threats any organisation or individual can face today.
Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.
Prices on ransomware vary depending on the ransomware variant and the price or exchange rates of digital currencies. Thanks to the perceived anonymity offered by cryptocurrencies, ransomware operators commonly specify ransom payments in bitcoins. Recent ransomware variants have also listed alternative payment options such as iTunes and Amazon gift cards. Even though paying the ransom does not guarantee that users will get the decryption key or unlock tool required to regain access to the infected system or hostaged files, it is still in the interest of cybercriminals to ensure data restoration - the payment notification page in more recent ransomware campaigns even has a "support" chat window!
Not only does ransomware generate huge amounts of money for criminal enterprises, but occasionally also disrupts operations where the effects have been devastating, like for hospitals which has resulted in canceled appointments and general disarray and no access basic records. One hospital in the UK had to cancel all non-urgent operations as a result.
In other cases production systems have been forced to a standstill as a result of poor access management and poor segmentation where a computer that was infected with ransomware affected common fileshares to which the user had access - which happened to be the very same that were used in the production environment! Even though backups may save the day for many organisations today, we still need to put more effort into layered defences, baselining IT-security since that there are also other threats out there that we need to be able to manage, apart from ransomware.
Investigating ransomware attacks (as well as IT related crime in general) with the aim to pinpoint perpetrators has so far been an uphill battle where several factors like attribution complexity and insufficient transnational law enforcement cooperation has made ransomware the preferred choice for the majority of cyber criminals where their nefarious activities currently go unpunished as a whole. We simply need to do better than this where for instance better intelligence sharing is a key factor along with joint taskforces as well as better public/private sector cooperation.
Even though we, as security professionals and crime fighters, experience a significant amount of frustration over the lack of success in fighting cybercrime, several of us share the passion to make the world a better place, even if it means one small step at the time. In the light of new intelligence and new key sources in ongoing investigations hopefully some of the perpetrators can be apprehended and brought to justice.
At Cybercom Group we are committed to make a difference where we welcome cooperation with colleagues in the industry. One organisation alone cannot make make a significant difference, but if we work together together we stand a sporting chance in fighting our common adversaries.
Keep up the fight dear brethren!